Open fred-gb opened 1 year ago
Found a workaround, with this topic: Discuss Hashicorp
In consul config:
tls {
  grpc {
    verify_incoming = false
  }
  [...]
}
But I don't really understand whether a solution exists for Consul 1.15+.
Thanks
After many tries, it is no longer functional.
I tried to create a separate CA and cert.
tls = {
  defaults = {
    ca_file = "/etc/ssl/hashistack-ca.pem"
    cert_file = "/etc/ssl/dc1-server-consul.pem"
    key_file = "/etc/ssl/dc1-server-consul.key"
    tls_min_version = "TLSv1_2"
    verify_incoming = true
    verify_outgoing = true
  }
  grpc = {
    ca_file = "/etc/ssl/envoy-ca.pem"
    cert_file = "/etc/ssl/dc1-server-envoy.pem"
    key_file = "/etc/ssl/dc1-server-envoy.key"
  }
  https = {
    "verify_incoming" = false
  }
  internal_rpc = {
    verify_incoming = true
    verify_server_hostname = true
  }
}
Error message changed! 🥳
Now I have:
[2023-03-17 07:54:56.493][1][warning][config] [./source/common/config/grpc_stream.h:201] DeltaAggregatedResources gRPC config stream to local_agent closed since 371s ago: 14, upstream connect error or disconnect/reset before headers. reset reason: connection failure, transport failure reason: TLS error: 268435581:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
😢
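A chain check for the `CERTIFICATE_VERIFY_FAILED` above, as an added example that is not part of the original thread: it tests whether a server certificate verifies against a given CA file. The CA and certificate names are constructed and generated in a temp dir; on a real host, `chains_to` would be pointed at the CA file the connecting client is configured with and at the certificate set under `tls.grpc`.

```bash
#!/usr/bin/env bash
# Constructed demo: every CA, key and certificate here is throwaway and
# generated in a temp dir; none of it is the poster's material.
set -eu

# chains_to CA_FILE CERT_FILE: true only if CERT_FILE verifies with CA_FILE
# as trust anchor (the system CA directory is excluded).
chains_to() {
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_ca DIR NAME: self-signed demo CA written to DIR/NAME-ca.pem.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2 demo CA" \
    -keyout "$1/$2-ca.key" -out "$1/$2-ca.pem" 2>/dev/null
}

# make_leaf DIR CA_NAME LEAF: certificate DIR/LEAF.pem signed by CA_NAME.
make_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr" -days 1 \
    -CA "$1/$2-ca.pem" -CAkey "$1/$2-ca.key" -CAcreateserial \
    -out "$1/$3.pem" 2>/dev/null
}

# Two CAs, as in the config above; the gRPC leaf is signed by the second one.
demo() {
  d=$(mktemp -d)
  make_ca "$d" hashistack
  make_ca "$d" envoy
  make_leaf "$d" envoy grpc-server
  for ca in envoy hashistack; do
    if chains_to "$d/$ca-ca.pem" "$d/grpc-server.pem"; then
      echo "$ca-ca.pem: OK"
    else
      echo "$ca-ca.pem: CERTIFICATE_VERIFY_FAILED"
    fi
  done
  rm -rf "$d"
}

demo
```

A client that trusts only the first CA rejects the certificate signed by the second, which is the kind of failure a split `defaults`/`grpc` CA setup produces when the client's CA file is not updated to match.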
Hi 👋🏻
Overview of the Issue
I tried to create a Hashistack with ACL and TLS, on a single node for now. When I launch a test job with Consul Connect, it won't work.
I posted the issue here after this thread on Discuss: Nomad discuss, after being advised to post on the Consul forum.
Consul 1.15.1 Nomad 1.5
I see in the changes what is needed for it to work, but I don't know how to apply it with a Nomad job deploy.
I'm not sure whether the issue comes from Consul or Nomad.
Reproduction Steps
Create a single-node Hashistack with Consul 1.15.1, Vault 1.13 (Consul backend) and Nomad 1.5.
Launch job with first Sidecar:
and second job to connect to sidecar:
Consul info for both Client and Server
Consul Info:
Client and Server HCL config (single node)
According to this docs: Nomad Consul Connect integration
Nomad conf:
Operating system and Environment details
Ubuntu 22.04 (in VM for testing)
Log Fragments
In Nomad UI:
I created certs with openssl and Ansible. It works. Without launching a job, I have no errors in communication between the components of the Hashistack.
Help! 🆘